QRadar Analyst Workflow
IBM Security QRadar Analyst Workflow provides new methods for filtering offenses and events, and graphical representations of offenses, by magnitude, assignee, and type. The improved offenses workflow provides a more intuitive method to investigate offense to determine the root cause of an issue and work to resolve it. Use the built-in query builder to create AQL queries by using examples and saved or shared searches, or by typing plain text into the search field.
- Offenses
- The Offenses page displays a table of the offenses in your QRadar environment that you can filter in many different ways. It also includes graphical representations of offenses, by magnitude, assignee, and type. From this page, you can investigate an offense to determine the root cause of an issue and work to resolve it.
- Search
- The Search page includes a Query Builder that you can use to build an Ariel Query Language (AQL) search to find specific offenses. Create a search using examples, saved or shared searches, or typing directly into the Query Builder. The Search page also includes links to many resources to learn about creating AQL queries.
- Apps
- The Apps list includes QRadar apps that are compatible with the new Analyst Workflow. The first release of the workflow includes the Dashboards (Pulse) app. IBM QRadar Pulse is a dashboard app that you can use to communicate insights and analysis about your network. For more information, see the IBM QRadar Pulse documentation.
See the QRadar Analyst Workflow announcement on the IBM Security Community Announcement Blog.